Connecting a desktop application with a website - c++

I made an application using Qt/C++ that reads some values every 5-7 seconds and sends them to a website.
My approach is very simple. I am just reading the values i want to send and then i make an HTTP POST to the website. I also send the username and password to the website.
The problem is that i cannot find out if the request is successful. I mean that if i send the request and server gets it, i will get an HTTP:200 always. For example if the password is not correct, there is no way to know it. It is the way HTTP works.
Now i think i will need some kind of a protocol to take care the communication between the application and the website.
The question is what protocol to use?

If the action performed completes before the response header is sent you have the option of adding a custom status to it. If your website is built on PHP you can call header() to add the custom status of the operation.
header('XAppRequest-Status: complete');

if you can modify the server side script you could do the following
on one end :
You can make the HTTP post request via ajax
and evaluate the result of the ajax request.
On the serve side
On the HTTP request you do your process and if everything goes accordingly you can send data back to the ajax script that called it.
solves your problem .. ?

Related

Functional URL hit lambda twice

I am trying to make use of functional url in case of mono lambda function, I have created a functional url with no security.
URL was created successfully, but Not able to hit that url using postman. So I use chrome web browser to hit my url(Get request). But the problem was whenever I hit the url, My function gets executed twice.
If anyone have faced same issue, Please assist.
There are two possibilities I can think off-
Chrome/browser sending another request for favicon.png
If you have configuration on server side that enforce HTTP to HTTPS conversion of the request, like re-direct to enforce SSL connection. In that case as well, browser send one request HTTP and redirect request to HTTPS. e.g when you hit- http://example.org, if it enforce the https, then again browser send another request to https://example.org.
You need to check possibilities here using network trouble shooting. Hope this will help you!

Receive Callback request inside Postman automated test

I am trying to write automated tests with Postman. I am new to postman automation world so sorry if the question will seem dumb.
In the api that I need to test when I send a request I immediately receive a response with a transactionID, no matter transaction succeeded or not. Along with my request I send a CallbackURL to the server where I expect the actual transaction result to be called back. The server will do a PUT request back to the CallbackURL that I have provided with the transactionID and the actual response or error.
So the question is, can I have such kind of scenarios in my postman tests?
I guess I should run a web server and expose an endpoint which will expect a PUT request and I should get the body of this PUT request in my tests to check it, and respond back to it with success.
In other words, within my script I need to perform the following actions:
Do a request to the server passing a callback URL
check the immediate response from the server and keep the returned transactionID
Have a webserver run with an endpoint that I passed as a callback URL
Expect a request to that endpoint with transactionID and actual response
Check that the response is what I actually expected
Respond to the request with success
I was thinking about Postman Mock server, but seems it is not designed for such usage.
I also think may be I can run some JS Webserver (may be nodeJS) inside the postman Sandbox...
Actually I am very new to postman testing and I am really confused about this kind of issue. Is it even possible to do this with postman or I need something else?
There are some features provided by POSTMAN which can help you to resolve your problem
When you do request to server passing callback URL it gives you transactionID in response. Save that transactionID in environment variable or global variable. Same you can do it for callbackURL.
Eg. pm.environment.set("transactionID", transactionID);
Then you can do the second request where you passed callback URL and transactionID which you have already.
In short in POSTMAN there are features like
Set global and environment variable which helps to pass some values fetched from response to another request.
call other request on success of first request
eg. postman.setnextRequest({{requestname}});
If you can mentioned your problem statement little bit in details it will be easy to answer in better way.
Hope This Will Help You

Understanding CORS

I've been looking on the web regarding CORS, and I wanted to confirm if whatever I made of it is, what it actually is.
Mentioned below is a totally fictional scenario.
I'll take an example of a normal website. Say my html page has a form that takes a text field name. On submitting it, it sends the form data to myPage.php. Now, what happens internally is that, the server sends the request to www.mydomain.com/mydirectory/myPage.php along with the text fields. Now, the server sees that the request was fired off from the same domain/port/protocol
(Question 1. How does server know about all these details. Where does it extract all these details froms?)
Nonetheless, since the request is originated from same domain, it server the php script and returns whatever is required off it.
Now, for the sake of argument, let's say I don't want to manually fill the data in text field, but instead I want to do it programmatically. What I do is, I create a html page with javascript and fire off a POST request along with the parameters (i.e. values of textField). Now since my request is not from any domain as such, the server disregards the service to my request. and I get cross domain error?
Similarly, I could have written a Java program also, that makes use of HTTPClient/Post request and do the same thing.
Question 2 : Is this what the problem is?
Now, what CORS provide us is, that the server will say that 'anyone can access myPage.php'.
From enable cors.org it says that
For simple CORS requests, the server only needs to add the following header to its response:
Access-Control-Allow-Origin: *
Now, what exactly is the client going to do with this header. As in, the client anyway wanted to make call to the resources on server right? It should be upto server to just configure itself with whether it wants to accept or not, and act accordingly.
Question 3 : What's the use of sending a header back to client (who has already made a request to the server)?
And finally, what I don't get is that, say I am building some RESTful services for my android app. Now, say I have one POST service www.mydomain.com/rest/services/myPost. I've got my Tomcat server hosting these services on my local machine.
In my android app, I just call this service, and get the result back (if any). Where exactly did I use CORS in this case. Does this fall under a different category of server calls? If yes, then how exactly.
Furthermore, I checked Enable Cors for Tomcat and it says that I can add a filter in my web.xml of my dynamic web project, and then it will start accepting it.
Question 4 : Is that what is enabling the calls from my android device to my webservices?
Thanks
First of all, the cross domain check is performed by the browser, not the server. When the JavaScript makes an XmlHttpRequest to a server other than its origin, if the browser supports CORS it will initialize a CORS process. Or else, the request will result in an error (unless user has deliberately reduced browser security)
When the server encounters Origin HTTP header, server will decide if it is in the list of allowed domains. If it is not in the list, the request will fail (i.e. server will send an error response).
For number 3 and 4, I think you should ask separate questions. Otherwise this question will become too broad. And I think it will quickly get close if you do not remove it.
For an explanation of CORS, please see this answer from programmers: https://softwareengineering.stackexchange.com/a/253043/139479
NOTE: CORS is more of a convention. It does not guarantee security. You can write a malicious browser that disregards the same domain policy. And it will execute JavaScript fetched from any site. You can also create HTTP headers with arbitrary Origin headers, and get information from any third party server that implements CORS. CORS only works if you trust your browser.
For question 3, you need to understand the relationship between the two sites and the client's browser. As Krumia alluded to in their answer, it's more of a convention between the three participants in the request.
I recently posted an article which goes into a bit more detail about how CORS handshakes are designed to work.
Well I am not a security expert but I hope, I can answer this question in one line.
If CORS is enabled then server will just ask browser if you are calling the request from [xyz.com]? If browser say yes it will show the result and if browser says no it is from [abc.com] it will throw error.
So CORS is dependent on browser. And that's why browsers send a preflight request before actual request.
In my case I just added
.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
to my WebSecurityConfiguration file issue is resolved

Is there a web service that spits out the entire request that was sent?

I apologize if this isn't "programming" worthy. I'm wondering if a service exists that when the HTTP service is pinged, it echos back the exact same request you made as the response.
The reason I want this is I want to UnitTest a class I made to build requests and send them over a socket. I realize I could just do a Mock object of some sort, but I think that involves more complexity than just making sure the request being sent was properly built.
Ideally, the web service would send the content back as proper HTTP 1.1 with the request info I sent in the body of the response.
Thanks!
Kyle
-- edit --
Just a quick reference to the solution. Point your browser to: http://scooterlabs.com/echo.json or http://scooterlabs.com/echo.xml
This guy seemed to have the same problem as you web service echo test
Refers to some links you might be interested in
I guess there are some uses for a simple echo, but in any kind of a realistic interaction it's going to be pretty hard to isolate just the piece you are trying to test.
A more general approach would be to use a local proxy server, stands as the man in the middle
between you and all remote sites, and can log urls, responses, content and so on.
If you're developing the server side as well as the client, you definitely ought to run a
local mirror of the server site.

How to transfer Raphaeljs variable in a JSP page?

I'm in a position to get a value from JavaScript, which uses Raphaeljs and send it to a Servlet/JSP page for Display & DB related work. Kindly assist me for that.
You are going to have to do AJAX for this one. Be sure to load jQuery so is easy to do it.
Simply collect the var value and send it to the JSP using .get or .post. Then you can add your validation in the JSP for the value sent and do whatever you want with it.
Hope this helps!
Jorge C.
As far as i understand this is not Raphael related.
What you need to make sure is, that you understand the difference between client and server side. Javascript runs client side (given we're not talking about a server side application written with JS/nodejs) in the browser while JSPs are executed on the server
If you collect values via JS and want the server to process it then you you can either send it to the server with an AJAX request (which wont reload the page) or manipulate a form and submit it (which will be a GET or a POST request then and will reload the whole page).
On the server you can accept the values and process them and then render the response.
For Ajax request you could look at jQuery.